Methods for registering devices, also called trust establishment of remote devices, are known in the state-of-the-art. Firstly, use of a common secret key (shared secret key) is known. The common secret key is pre-installed or configured on a device which is to be registered, wherein for the purpose of registering the device, a technician initially creates a record for the device containing a device ID, a clearance for operation and the common secret key. The device ID is a unique identifier for the device and may depend on hardware components of the device or also on a random unique string of characters.
The device is subsequently connected to the server, wherein an authentication occurs by means of the device ID and the common secret key; following authentication the device is authorised for operational communication with the server. Following the first interaction and authentication, further login details may be generated in order to increase the security of the operational communication with the server, in particular if the common secret key is known to unauthorised persons.
However, this method has the disadvantage that the common secret key has to be pre-installed on the device, which occurs either by means of automatic installation of a common secret key on all devices or by means of a manual installation or configuration of a different common secret key on each device. A further disadvantage of this method consists in that a technician must know the device ID in order to create the corresponding record on the server for registration purposes. To this end, the device which is to be registered is generally booted up in order to obtain the device ID.
Furthermore, the registration of devices carried out by means of a so-called public key infrastructure (PKI) is known to the state-of-the-art, wherein in this case a device certificate signed by a certification body is stored in the device. The identification and authentication of a device by the server can be carried out on the basis of this certificate, wherein the complexity of this method, in particular in relation to renewal of certificates and the establishment and administration of certificate revocation lists, has proven to be disadvantageous. As a rule, according to the state-of-the-art, devices and servers communicate over a secure connection. This applies equally to the state-of-the-art methods described above as well as to the present invention.